Azure Security Center (ASC)

In the interest of full transparency, originally I did not have Azure Security Center as a part of this series. But then I thought about it a little more, and in reality, Azure Security Center is a monitoring tool; it just focuses on monitoring security elements. So let’s dive into what this tool is and how to use it.

So let’s dive into what this tool is and how to use it.

Azure Security Center (or ASC as it’s shortened to), does more than just monitoring your environments and assets against security, it also provides centralized management of security components and threat detection.

One of the greatest announcements recently for Azure Security Center is that it now operates in a hybrid model. This means that, aside from monitoring your Azure resources, you can have Azure Security Center gain visibility, threat prevention, and threat detection/response against your on-premises environment, or even environments running in other clouds as well.

Azure Security Center – Overview

You can even gain additional insights by integrating with Power BI, since Microsoft has released 2 Power BI content packs.

Real Word Example

There are a lot of uses for Azure Security Center, and there are a lot of great demos from the sessions at Ignite.

But for some hands-on, it’s useful to set Azure Security Center up in a new environment, to identify anything you may have missed. For example, maybe you have a requirement to ensure all data and storage is encrypted but might have forgotten to set this on some.

Before setting the environment to “live” you could turn on Azure Security Center to check key elements like encryption, firewalls, etc.

Azure Security Center – Recommendations

If you’re familiar with the Operations Management Suite (OMS), and the security-based solutions on that platform, you will notice some of these are being brought over into Azure Security Center; specifically the Identity & Access and the Threat Intelligence.

There are currently 12 recommendations that Azure Security Center checks against. So if you don’t need to check against Just-In-Time (JIT) Network Access or SQL elements, you can turn that off (but keep in mind that if you do, it affects all resources that ASC monitors).

Azure Security Center – Recommendation Checks

But what about if you have your own Security Information and Event Management (SIEM) system in place that you want to use? Thankfully Microsoft also has a Log Integrator available here.

Azure Security Center – Log Integration

Conclusion

Azure Security Center (ASC) is (and will become) the main location for all things Security in Azure. Similar to how Azure Monitor is the central starting point for monitoring toolsets, Azure Security Center will become more and more the central hub for security.

Case in point, the Operations Management Suite (OMS) security solutions being ported over into Azure Security Center. Microsoft also recently announced a SQL Vulnerability Assessment. If you look carefully at the icon used for the SQL Vulnerability Assessment (VA), it looks a lot like the icon for Azure Security Center. It is my assumption that (hopefully) this will be rolled into Azure Security Center in the future, as currently, it’s only available through the Azure SQL DB interface.